# When a task that used to pass starts to fail, go through all versions that
# may have been skipped to detect when the task started failing.
stepback: true

# Fail builds when pre tasks fail.
pre_error_fails_task: true

# Mark a failure as a system/bootstrap failure (purple box) rather then a task
# failure by default.
# Actual testing tasks are marked with `type: test`
command_type: system

# Protect ourselves against rogue test case, or curl gone wild, that runs forever.
exec_timeout_secs: 5400

# What to do when evergreen hits the timeout (`post:` tasks are run automatically)
timeout:
  - command: shell.exec
    params:
      script: |
        true

functions:
  assume-test-secrets-ec2-role:
    - command: ec2.assume_role
      params:
        role_arn: ${aws_test_secrets_role}

  "fetch source":
    # Executes git clone and applies the submitted patch, if any
    - command: git.get_project
      params:
        directory: "src"
    - command: shell.exec
      params:
        working_dir: "src"
        script: |
          set -ex

          git submodule update --init --recursive

  setup-system:
    # Make an evergreen expansion file with dynamic values
    - command: shell.exec
      params:
        working_dir: "src"
        script: |
          # Get the current unique version of this checkout
          if [ "${is_patch}" = "true" ]; then
            CURRENT_VERSION=$(git describe)-patch-${version_id}
          else
            CURRENT_VERSION=latest
          fi

          export DRIVERS_TOOLS="$(pwd)/.mod/drivers-evergreen-tools"

          # Python has cygwin path problems on Windows. Detect prospective mongo-orchestration home directory
          if [ "Windows_NT" = "$OS" ]; then # Magic variable in cygwin
            export DRIVERS_TOOLS=$(cygpath -m $DRIVERS_TOOLS)
          fi

          export MONGO_ORCHESTRATION_HOME="$DRIVERS_TOOLS/.evergreen/orchestration"
          export MONGODB_BINARIES="$DRIVERS_TOOLS/mongodb/bin"
          export UPLOAD_BUCKET="${project}"
          export PROJECT_DIRECTORY="$(pwd)"

          cat <<EOT > expansion.yml
          CURRENT_VERSION: "$CURRENT_VERSION"
          DRIVERS_TOOLS: "$DRIVERS_TOOLS"
          MONGO_ORCHESTRATION_HOME: "$MONGO_ORCHESTRATION_HOME"
          MONGODB_BINARIES: "$MONGODB_BINARIES"
          UPLOAD_BUCKET: "$UPLOAD_BUCKET"
          PROJECT_DIRECTORY: "$PROJECT_DIRECTORY"
          PREPARE_SHELL: |
            set -o errexit
            #set -o xtrace
            export DRIVERS_TOOLS="$DRIVERS_TOOLS"
            export MONGO_ORCHESTRATION_HOME="$MONGO_ORCHESTRATION_HOME"
            export MONGODB_BINARIES="$MONGODB_BINARIES"
            export UPLOAD_BUCKET="$UPLOAD_BUCKET"
            export PROJECT_DIRECTORY="$PROJECT_DIRECTORY"

            # TMPDIR cannot be too long, see
            # https://github.com/broadinstitute/cromwell/issues/3647.
            # Why is it even set at all?
            #export TMPDIR="$MONGO_ORCHESTRATION_HOME/db"
            export PATH="$MONGODB_BINARIES:$PATH"
            export PROJECT="${project}"

            export AUTH=${AUTH}
            export SSL=${SSL}
            export TOPOLOGY=${TOPOLOGY}
            export MLAUNCH_TOPOLOGY=${MLAUNCH_TOPOLOGY}
            export COMPRESSOR=${COMPRESSOR}
            export RVM_RUBY="${RVM_RUBY}"
            export MONGODB_VERSION=${MONGODB_VERSION}
            export CRYPT_SHARED_VERSION=${CRYPT_SHARED_VERSION}
            export FCV=${FCV}
            export MONGO_RUBY_DRIVER_LINT=${LINT}
            export RETRY_READS=${RETRY_READS}
            export RETRY_WRITES=${RETRY_WRITES}
            export WITH_ACTIVE_SUPPORT="${WITH_ACTIVE_SUPPORT}"
            export SINGLE_MONGOS="${SINGLE_MONGOS}"
            export BSON="${BSON}"
            export MMAPV1="${MMAPV1}"
            export FLE="${FLE}"
            export FORK="${FORK}"
            export SOLO="${SOLO}"
            export EXTRA_URI_OPTIONS="${EXTRA_URI_OPTIONS}"
            export API_VERSION_REQUIRED="${API_VERSION_REQUIRED}"
            export DOCKER_DISTRO="${DOCKER_DISTRO}"

            export STRESS="${STRESS}"
            export OCSP_ALGORITHM="${OCSP_ALGORITHM}"
            export OCSP_STATUS="${OCSP_STATUS}"
            export OCSP_DELEGATE="${OCSP_DELEGATE}"
            export OCSP_MUST_STAPLE="${OCSP_MUST_STAPLE}"
            export OCSP_CONNECTIVITY="${OCSP_CONNECTIVITY}"
            export OCSP_VERIFIER="${OCSP_VERIFIER}"

            export ATLAS_REPLICA_SET_URI="${atlas_replica_set_uri}"
            export ATLAS_SHARDED_URI="${atlas_sharded_uri}"
            export ATLAS_FREE_TIER_URI="${atlas_free_tier_uri}"
            export ATLAS_TLS11_URI="${atlas_tls11_uri}"
            export ATLAS_TLS12_URI="${atlas_tls12_uri}"
            export RVM_RUBY="${RVM_RUBY}"
          EOT

          # See what we've done
          cat expansion.yml
    # Load the expansion file to make an evergreen variable with the current
    # unique version
    - command: expansions.update
      params:
        file: src/expansion.yml
    - command: subprocess.exec
      params:
        binary: bash
        include_expansions_in_env: ["PROJECT_DIRECTORY"]
        args:
          - "${DRIVERS_TOOLS}/.evergreen/setup.sh"

  bootstrap-mongo-orchestration:
    - command: subprocess.exec
      params:
        binary: bash
        env:
          MONGODB_VERSION: ${MONGODB_VERSION}
        include_expansions_in_env: [TOPOLOGY, AUTH, SSL, ORCHESTRATION_FILE,
            REQUIRE_API_VERSION, LOAD_BALANCER]
        args: ["${DRIVERS_TOOLS}/.evergreen/run-orchestration.sh"]
    - command: expansions.update
      params:
        file: mo-expansion.yml

  "export AWS auth credentials":
    - command: shell.exec
      type: test
      params:
        silent: true
        working_dir: "src"
        script: |
          cat <<EOT > .env.private
          IAM_AUTH_ASSUME_AWS_ACCOUNT="${iam_auth_assume_aws_account}"
          IAM_AUTH_ASSUME_AWS_SECRET_ACCESS_KEY="${iam_auth_assume_aws_secret_access_key}"
          IAM_AUTH_ASSUME_ROLE_NAME="${iam_auth_assume_role_name}"
          IAM_AUTH_EC2_INSTANCE_ACCOUNT="${iam_auth_ec2_instance_account}"
          IAM_AUTH_EC2_INSTANCE_PROFILE="${iam_auth_ec2_instance_profile}"
          IAM_AUTH_EC2_INSTANCE_SECRET_ACCESS_KEY="${iam_auth_ec2_instance_secret_access_key}"
          IAM_AUTH_ECS_ACCOUNT="${iam_auth_ecs_account}"
          IAM_AUTH_ECS_ACCOUNT_ARN="${iam_auth_ecs_account_arn}"
          IAM_AUTH_ECS_CLUSTER="${iam_auth_ecs_cluster}"
          IAM_AUTH_ECS_SECRET_ACCESS_KEY="${iam_auth_ecs_secret_access_key}"
          IAM_AUTH_ECS_SECURITY_GROUP="${iam_auth_ecs_security_group}"
          IAM_AUTH_ECS_SUBNET_A="${iam_auth_ecs_subnet_a}"
          IAM_AUTH_ECS_SUBNET_B="${iam_auth_ecs_subnet_b}"
          IAM_AUTH_ECS_TASK_DEFINITION="${iam_auth_ecs_task_definition_ubuntu2004}"

          IAM_WEB_IDENTITY_ISSUER="${iam_web_identity_issuer}"
          IAM_WEB_IDENTITY_JWKS_URI="${iam_web_identity_jwks_uri}"
          IAM_WEB_IDENTITY_RSA_KEY="${iam_web_identity_rsa_key}"
          IAM_WEB_IDENTITY_TOKEN_FILE="${iam_web_identity_token_file}"
          IAM_AUTH_ASSUME_WEB_ROLE_NAME="${iam_auth_assume_web_role_name}"

          EOT

  "run CSOT tests":
    - command: shell.exec
      type: test
      params:
        shell: bash
        working_dir: "src"
        script: |
          ${PREPARE_SHELL}
          # Needed for generating temporary aws credentials.
          if [ -n "${FLE}" ];
          then
            export AWS_ACCESS_KEY_ID="${fle_aws_key}"
            export AWS_SECRET_ACCESS_KEY="${fle_aws_secret}"
            export AWS_DEFAULT_REGION="${fle_aws_region}"
          fi
          export CSOT_SPEC_TESTS=1
          unset TOPOLOGY
          export TOPOLOGY=${MLAUNCH_TOPOLOGY}
          TEST_CMD="bundle exec rspec spec/spec_tests/client_side_operations_timeout_spec.rb --format Rfc::Riff --format RspecJunitFormatter --out tmp/rspec.xml" \
            .evergreen/run-tests.sh

  "export FLE credentials":
    - command: shell.exec
      type: test
      params:
        silent: true
        working_dir: "src"
        script: |
          cat <<EOT > .env.private
          MONGO_RUBY_DRIVER_AWS_KEY="${fle_aws_key}"
          MONGO_RUBY_DRIVER_AWS_SECRET="${fle_aws_secret}"
          MONGO_RUBY_DRIVER_AWS_REGION="${fle_aws_region}"
          MONGO_RUBY_DRIVER_AWS_ARN="${fle_aws_arn}"

          MONGO_RUBY_DRIVER_AZURE_TENANT_ID="${fle_azure_tenant_id}"
          MONGO_RUBY_DRIVER_AZURE_CLIENT_ID="${fle_azure_client_id}"
          MONGO_RUBY_DRIVER_AZURE_CLIENT_SECRET="${fle_azure_client_secret}"
          MONGO_RUBY_DRIVER_AZURE_IDENTITY_PLATFORM_ENDPOINT="${fle_azure_identity_platform_endpoint}"
          MONGO_RUBY_DRIVER_AZURE_KEY_VAULT_ENDPOINT="${fle_azure_key_vault_endpoint}"
          MONGO_RUBY_DRIVER_AZURE_KEY_NAME="${fle_azure_key_name}"

          MONGO_RUBY_DRIVER_GCP_EMAIL="${fle_gcp_email}"
          MONGO_RUBY_DRIVER_GCP_PRIVATE_KEY="${fle_gcp_private_key}"
          MONGO_RUBY_DRIVER_GCP_PROJECT_ID="${fle_gcp_project_id}"
          MONGO_RUBY_DRIVER_GCP_LOCATION="${fle_gcp_location}"
          MONGO_RUBY_DRIVER_GCP_KEY_RING="${fle_gcp_key_ring}"
          MONGO_RUBY_DRIVER_GCP_KEY_NAME="${fle_gcp_key_name}"
          MONGO_RUBY_DRIVER_MONGOCRYPTD_PORT="${fle_mongocryptd_port}"
          EOT

  "export Kerberos credentials":
    - command: shell.exec
      type: test
      params:
        silent: true
        working_dir: "src"
        script: |
          cat <<EOT > .env.private
          SASL_HOST=${sasl_host}
          SASL_PORT=${sasl_port}
          SASL_USER=${sasl_user}
          SASL_PASS=${sasl_pass}
          SASL_DB=${sasl_db}
          PRINCIPAL=${principal}
          KERBEROS_DB=${kerberos_db}
          KEYTAB_BASE64=${keytab_base64}
          EOT

  "exec script" :
    - command: shell.exec
      type: test
      params:
        working_dir: "src"
        script: |
          ${PREPARE_SHELL}
          sh ${PROJECT_DIRECTORY}/${file}

  "upload mo artifacts":
    - command: shell.exec
      params:
        script: |
          ${PREPARE_SHELL}
          find $MONGO_ORCHESTRATION_HOME -name \*.log\* | xargs tar czf mongodb-logs.tar.gz
    - command: s3.put
      params:
        aws_key: ${aws_key}
        aws_secret: ${aws_secret}
        local_file: mongodb-logs.tar.gz
        remote_file: ${UPLOAD_BUCKET}/${build_variant}/${revision}/${version_id}/${build_id}/logs/${task_id}-${execution}-mongodb-logs.tar.gz
        bucket: mciuploads
        permissions: public-read
        content_type: ${content_type|application/x-gzip}
        display_name: "mongodb-logs.tar.gz"

  "upload test results to s3":
    - command: s3.put
      params:
        aws_key: ${aws_key}
        aws_secret: ${aws_secret}
        # src is the relative path to repo checkout,
        # This is specified in this yaml file earlier.
        local_file: ./src/tmp/rspec.json
        display_name: rspec.json
        remote_file: ${UPLOAD_BUCKET}/${version_id}/${build_id}/artifacts/${build_variant}/rspec.json
        content_type: application/json
        permissions: public-read
        bucket: mciuploads
    # AWS does not appear to support on-the-fly gzip encoding; compress
    # the results manually and upload a compressed file.
    # Typical size reduction: 50 MB -> 800 KB
    - command: shell.exec
      params:
        script: |
          gzip <src/tmp/rspec.json >src/tmp/rspec.json.gz
    - command: s3.put
      params:
        aws_key: ${aws_key}
        aws_secret: ${aws_secret}
        # src is the relative path to repo checkout,
        # This is specified in this yaml file earlier.
        local_file: ./src/tmp/rspec.json.gz
        display_name: rspec.json.gz
        remote_file: ${UPLOAD_BUCKET}/${version_id}/${build_id}/artifacts/${build_variant}/rspec.json.gz
        content_type: application/gzip
        permissions: public-read
        bucket: mciuploads
    - command: shell.exec
      params:
        script: |
          xz -9 <src/tmp/rspec.json >src/tmp/rspec.json.xz
    - command: s3.put
      params:
        aws_key: ${aws_key}
        aws_secret: ${aws_secret}
        # src is the relative path to repo checkout,
        # This is specified in this yaml file earlier.
        local_file: ./src/tmp/rspec.json.xz
        display_name: rspec.json.xz
        remote_file: ${UPLOAD_BUCKET}/${version_id}/${build_id}/artifacts/${build_variant}/rspec.json.xz
        content_type: application/x-xz
        permissions: public-read
        bucket: mciuploads

  "upload test results":
    - command: attach.xunit_results
      params:
        file: ./src/tmp/*.xml

  "delete private environment":
    - command: shell.exec
      type: test
      params:
        silent: true
        working_dir: "src"
        script: |
          rm -f .env.private

  "run benchmarks":
    - command: shell.exec
      type: test
      params:
        shell: bash
        working_dir: "src"
        script: |
          ${PREPARE_SHELL}
          unset TOPOLOGY
          export TOPOLOGY=${MLAUNCH_TOPOLOGY}
          TEST_CMD="bundle exec rake driver_bench" PERFORMANCE_RESULTS_FILE="$PROJECT_DIRECTORY/perf.json" .evergreen/run-tests.sh
    - command: perf.send
      params:
        file: "${PROJECT_DIRECTORY}/perf.json"

  "run tests with orchestration and drivers tools":
    - command: subprocess.exec
      type: test
      params:
        binary: bash
        working_dir: "src"
        include_expansions_in_env: [MONGODB_URI, AUTH, SSL, TOPOLOGY, COMPRESSOR, RVM_RUBY]
        args:
          - ".evergreen/run-tests-new.sh"
  "run tests":
    - command: shell.exec
      type: test
      params:
        shell: bash
        working_dir: "src"
        script: |
          ${PREPARE_SHELL}
          # Needed for generating temporary aws credentials.
          if [ -n "${FLE}" ];
          then
            export AWS_ACCESS_KEY_ID="${fle_aws_key}"
            export AWS_SECRET_ACCESS_KEY="${fle_aws_secret}"
            export AWS_DEFAULT_REGION="${fle_aws_region}"
          fi
          unset TOPOLOGY
          export TOPOLOGY=${MLAUNCH_TOPOLOGY}
          .evergreen/run-tests.sh

  "run AWS auth tests":
    - command: shell.exec
      type: test
      params:
        shell: bash
        working_dir: "src"
        script: |
          ${PREPARE_SHELL}
          unset TOPOLOGY
          export TOPOLOGY=${MLAUNCH_TOPOLOGY}
          .evergreen/run-tests-aws-auth.sh

  "run Kerberos unit tests":
    - command: shell.exec
      type: test
      params:
        shell: bash
        working_dir: "src"
        script: |
          ${PREPARE_SHELL}
          .evergreen/run-tests-kerberos-unit.sh

  "run Atlas tests":
    - command: shell.exec
      type: test
      params:
        shell: bash
        working_dir: "src"
        script: |
          ${PREPARE_SHELL}
          AUTH=${AUTH} SSL=${SSL} TOPOLOGY=${TOPOLOGY} RVM_RUBY="${RVM_RUBY}" \
          ATLAS_REPLICA_SET_URI=${atlas_replica_set_uri} ATLAS_SHARDED_URI=${atlas_sharded_uri} \
          ATLAS_FREE_TIER_URI=${atlas_free_tier_uri} ATLAS_TLS11_URI=${atlas_tls11_uri} \
          ATLAS_TLS12_URI=${atlas_tls12_uri} ATLAS_SERVERLESS_URI=${atlas_serverless_uri} \
          ATLAS_SERVERLESS_LB_URI=${atlas_serverless_lb_uri} \
          ATLAS_X509_CERT_BASE64="${atlas_x509_cert_base64}" \
          ATLAS_X509_URI="${atlas_x509}" \
          ATLAS_X509_DEV_CERT_BASE64="${atlas_x509_dev_cert_base64}" \
          ATLAS_X509_DEV_URI="${atlas_x509_dev}" \
          .evergreen/run-tests-atlas.sh

pre:
  - func: assume-test-secrets-ec2-role
  - func: "fetch source"
  - func: setup-system

post:
  - func: "delete private environment"
  - func: "upload mo artifacts"
  - func: "upload test results"
  - func: "upload test results to s3"

task_groups:
  - name: testatlas_full_task_group
    setup_group_can_fail_task: true
    setup_group_timeout_secs: 1800 # 30 minutes
    setup_group:
      - func: fetch source
      - func: setup-system
      - command: shell.exec
        params:
          shell: "bash"
          working_dir: "src"
          script: |
            ${PREPARE_SHELL}

            echo "Setting up Atlas cluster"

            DRIVERS_ATLAS_PUBLIC_API_KEY="${DRIVERS_ATLAS_PUBLIC_API_KEY}" \
              DRIVERS_ATLAS_PRIVATE_API_KEY="${DRIVERS_ATLAS_PRIVATE_API_KEY}" \
              DRIVERS_ATLAS_GROUP_ID="${DRIVERS_ATLAS_GROUP_ID}" \
              DRIVERS_ATLAS_LAMBDA_USER="${DRIVERS_ATLAS_LAMBDA_USER}" \
              DRIVERS_ATLAS_LAMBDA_PASSWORD="${DRIVERS_ATLAS_LAMBDA_PASSWORD}" \
              DRIVERS_ATLAS_BASE_URL="${DRIVERS_ATLAS_BASE_URL}" \
              LAMBDA_STACK_NAME="dbx-ruby-lambda" \
              MONGODB_VERSION="7.0" \
              task_id="${task_id}" \
              execution="${execution}" \
              $DRIVERS_TOOLS/.evergreen/atlas/setup-atlas-cluster.sh

              echo "MONGODB_URI=${MONGODB_URI}"
      - command: expansions.update
        params:
          file: src/atlas-expansion.yml
    teardown_group:
      - command: shell.exec
        params:
          shell: "bash"
          working_dir: "src"
          script: |
            ${PREPARE_SHELL}

            DRIVERS_ATLAS_PUBLIC_API_KEY="${DRIVERS_ATLAS_PUBLIC_API_KEY}" \
              DRIVERS_ATLAS_PRIVATE_API_KEY="${DRIVERS_ATLAS_PRIVATE_API_KEY}" \
              DRIVERS_ATLAS_GROUP_ID="${DRIVERS_ATLAS_GROUP_ID}" \
              DRIVERS_ATLAS_BASE_URL="${DRIVERS_ATLAS_BASE_URL}" \
              LAMBDA_STACK_NAME="dbx-ruby-lambda" \
              task_id="${task_id}" \
              execution="${execution}" \
              $DRIVERS_TOOLS/.evergreen/atlas/teardown-atlas-cluster.sh
    tasks:
      - test-full-atlas-task

  - name: test_aws_lambda_task_group
    setup_group_can_fail_task: true
    setup_group_timeout_secs: 1800 # 30 minutes
    setup_group:
      - func: fetch source
      - func: setup-system
      - command: shell.exec
        params:
          shell: "bash"
          working_dir: "src"
          script: |
            ${PREPARE_SHELL}

            echo "Setting up Atlas cluster"

            DRIVERS_ATLAS_PUBLIC_API_KEY="${DRIVERS_ATLAS_PUBLIC_API_KEY}" \
              DRIVERS_ATLAS_PRIVATE_API_KEY="${DRIVERS_ATLAS_PRIVATE_API_KEY}" \
              DRIVERS_ATLAS_GROUP_ID="${DRIVERS_ATLAS_GROUP_ID}" \
              DRIVERS_ATLAS_LAMBDA_USER="${DRIVERS_ATLAS_LAMBDA_USER}" \
              DRIVERS_ATLAS_LAMBDA_PASSWORD="${DRIVERS_ATLAS_LAMBDA_PASSWORD}" \
              DRIVERS_ATLAS_BASE_URL="${DRIVERS_ATLAS_BASE_URL}" \
              LAMBDA_STACK_NAME="dbx-ruby-lambda" \
              MONGODB_VERSION="7.0" \
              task_id="${task_id}" \
              execution="${execution}" \
              $DRIVERS_TOOLS/.evergreen/atlas/setup-atlas-cluster.sh

              echo "MONGODB_URI=${MONGODB_URI}"
      - command: expansions.update
        params:
          file: src/atlas-expansion.yml
    teardown_group:
      - command: shell.exec
        params:
          shell: "bash"
          working_dir: "src"
          script: |
            ${PREPARE_SHELL}

            DRIVERS_ATLAS_PUBLIC_API_KEY="${DRIVERS_ATLAS_PUBLIC_API_KEY}" \
              DRIVERS_ATLAS_PRIVATE_API_KEY="${DRIVERS_ATLAS_PRIVATE_API_KEY}" \
              DRIVERS_ATLAS_GROUP_ID="${DRIVERS_ATLAS_GROUP_ID}" \
              DRIVERS_ATLAS_BASE_URL="${DRIVERS_ATLAS_BASE_URL}" \
              LAMBDA_STACK_NAME="dbx-ruby-lambda" \
              task_id="${task_id}" \
              execution="${execution}" \
              $DRIVERS_TOOLS/.evergreen/atlas/teardown-atlas-cluster.sh
    tasks:
      - test-aws-lambda-deployed

  - name: testgcpkms_task_group
    setup_group_can_fail_task: true
    setup_group_timeout_secs: 1800 # 30 minutes
    setup_group:
      - func: fetch source
      - func: setup-system
      - command: shell.exec
        params:
          shell: "bash"
          working_dir: "src"
          script: |
            ${PREPARE_SHELL}
            echo '${testgcpkms_key_file}' > /tmp/testgcpkms_key_file.json
            export GCPKMS_KEYFILE=/tmp/testgcpkms_key_file.json
            export GCPKMS_DRIVERS_TOOLS=$DRIVERS_TOOLS
            export GCPKMS_SERVICEACCOUNT="${testgcpkms_service_account}"
            export GCPKMS_MACHINETYPE="e2-standard-4"
            .evergreen/csfle/gcpkms/create-and-setup-instance.sh
      # Load the GCPKMS_GCLOUD, GCPKMS_INSTANCE, GCPKMS_REGION, and GCPKMS_ZONE expansions.
      - command: expansions.update
        params:
          file: src/testgcpkms-expansions.yml
    teardown_group:
      - command: shell.exec
        params:
          shell: "bash"
          working_dir: "src"
          script: |
            ${PREPARE_SHELL}
            export GCPKMS_GCLOUD=${GCPKMS_GCLOUD}
            export GCPKMS_PROJECT=${GCPKMS_PROJECT}
            export GCPKMS_ZONE=${GCPKMS_ZONE}
            export GCPKMS_INSTANCENAME=${GCPKMS_INSTANCENAME}
            .evergreen/csfle/gcpkms/delete-instance.sh
    tasks:
      - testgcpkms-task

  - name: testazurekms_task_group
    setup_group_can_fail_task: true
    setup_group_timeout_secs: 1800 # 30 minutes
    setup_group:
      - func: fetch source
      - func: setup-system
      - command: shell.exec
        params:
          shell: "bash"
          working_dir: "src"
          script: |
            ${PREPARE_SHELL}
            export AZUREKMS_VMNAME_PREFIX=RUBY
            export AZUREKMS_CLIENTID="${testazurekms_clientid}"
            export AZUREKMS_TENANTID="${testazurekms_tenantid}"
            export AZUREKMS_SECRET="${testazurekms_secret}"
            export AZUREKMS_DRIVERS_TOOLS=$DRIVERS_TOOLS
            export AZUREKMS_RESOURCEGROUP="${testazurekms_resourcegroup}"
            echo '${testazurekms_publickey}' > /tmp/testazurekms_public_key_file
            export AZUREKMS_PUBLICKEYPATH="/tmp/testazurekms_public_key_file"
            echo '${testazurekms_privatekey}' > /tmp/testazurekms_private_key_file
            chmod 600 /tmp/testazurekms_private_key_file
            export AZUREKMS_PRIVATEKEYPATH="/tmp/testazurekms_private_key_file"
            export AZUREKMS_SCOPE="${testazurekms_scope}"
            .evergreen/csfle/azurekms/create-and-setup-vm.sh
      # Load the AZUREKMS_GCLOUD, AZUREKMS_INSTANCE, AZUREKMS_REGION, and AZUREKMS_ZONE expansions.
      - command: expansions.update
        params:
          file: src/testazurekms-expansions.yml
    teardown_group:
      - command: expansions.update
        params:
          file: src/testazurekms-expansions.yml
      - command: shell.exec
        params:
          shell: "bash"
          working_dir: "src"
          script: |
            ${PREPARE_SHELL}
            export AZUREKMS_RESOURCEGROUP="${testazurekms_resourcegroup}"
            .evergreen/csfle/azurekms/delete-vm.sh
    tasks:
      - testazurekms-task

tasks:
  - name: "run-main-test-suite"
    commands:
      - func: bootstrap-mongo-orchestration
      - func: "run tests with orchestration and drivers tools"
  - name: "test-atlas"
    commands:
      - func: "run Atlas tests"
  - name: "test-mlaunch"
    commands:
      - func: "run tests"
  - name: "driver-bench"
    commands:
      - func: "run benchmarks"
  - name: "test-kerberos"
    commands:
      - func: "run Kerberos unit tests"
  - name: "test-csot"
    commands:
      - func: "run CSOT tests"
  - name: "test-fle"
    commands:
      - func: "export FLE credentials"
      - func: "run tests"
  - name: "test-aws-auth"
    commands:
      - func: "export AWS auth credentials"
      - func: "run AWS auth tests"
  - name: "test-full-atlas-task"
    commands:
      - command: shell.exec
        type: test
        params:
          working_dir: "src"
          shell: "bash"
          script: |
            ${PREPARE_SHELL}
            MONGODB_URI="${MONGODB_URI}" .evergreen/run-tests-atlas-full.sh
  - name: "testgcpkms-task"
    commands:
      - command: shell.exec
        type: setup
        params:
          working_dir: "src"
          shell: "bash"
          script: |
            ${PREPARE_SHELL}
            echo "Copying files ... begin"
            export GCPKMS_GCLOUD=${GCPKMS_GCLOUD}
            export GCPKMS_PROJECT=${GCPKMS_PROJECT}
            export GCPKMS_ZONE=${GCPKMS_ZONE}
            export GCPKMS_INSTANCENAME=${GCPKMS_INSTANCENAME}
            tar czf /tmp/mongo-ruby-driver.tgz .
            GCPKMS_SRC=/tmp/mongo-ruby-driver.tgz GCPKMS_DST=$GCPKMS_INSTANCENAME: .evergreen/csfle/gcpkms/copy-file.sh
            echo "Copying files ... end"
            echo "Untarring file ... begin"
            GCPKMS_CMD="tar xf mongo-ruby-driver.tgz" .evergreen/csfle/gcpkms/run-command.sh
            echo "Untarring file ... end"
      - command: shell.exec
        type: test
        params:
          working_dir: "src"
          shell: "bash"
          script: |
            ${PREPARE_SHELL}
            export GCPKMS_GCLOUD=${GCPKMS_GCLOUD}
            export GCPKMS_PROJECT=${GCPKMS_PROJECT}
            export GCPKMS_ZONE=${GCPKMS_ZONE}
            export GCPKMS_INSTANCENAME=${GCPKMS_INSTANCENAME}
            GCPKMS_CMD="TEST_FLE_GCP_AUTO=1 RVM_RUBY=ruby-3.1 FLE=helper TOPOLOGY=standalone MONGODB_VERSION=6.0 MONGO_RUBY_DRIVER_GCP_EMAIL="${fle_gcp_email}" MONGO_RUBY_DRIVER_GCP_PRIVATE_KEY='${fle_gcp_private_key}' MONGO_RUBY_DRIVER_GCP_PROJECT_ID='${fle_gcp_project_id}' MONGO_RUBY_DRIVER_GCP_LOCATION='${fle_gcp_location}' MONGO_RUBY_DRIVER_GCP_KEY_RING='${fle_gcp_key_ring}' MONGO_RUBY_DRIVER_GCP_KEY_NAME='${fle_gcp_key_name}' ./.evergreen/run-tests-gcp.sh" .evergreen/csfle/gcpkms/run-command.sh
  - name: "testazurekms-task"
    commands:
      - command: shell.exec
        type: setup
        params:
          working_dir: "src"
          shell: "bash"
          script: |
            ${PREPARE_SHELL}
            echo "Copying files ... begin"
            export AZUREKMS_RESOURCEGROUP=${testazurekms_resourcegroup}
            export AZUREKMS_VMNAME=${AZUREKMS_VMNAME}
            export AZUREKMS_PRIVATEKEYPATH="/tmp/testazurekms_private_key_file"
            tar czf /tmp/mongo-ruby-driver.tgz .
            AZUREKMS_SRC=/tmp/mongo-ruby-driver.tgz AZUREKMS_DST="~/" .evergreen/csfle/azurekms/copy-file.sh
            echo "Copying files ... end"
            echo "Untarring file ... begin"
            AZUREKMS_CMD="tar xf mongo-ruby-driver.tgz" .evergreen/csfle/azurekms/run-command.sh
            echo "Untarring file ... end"
      - command: shell.exec
        type: test
        params:
          working_dir: "src"
          shell: "bash"
          script: |
            ${PREPARE_SHELL}
            export AZUREKMS_RESOURCEGROUP=${testazurekms_resourcegroup}
            export AZUREKMS_VMNAME=${AZUREKMS_VMNAME}
            export AZUREKMS_PRIVATEKEYPATH="/tmp/testazurekms_private_key_file"
            AZUREKMS_CMD="TEST_FLE_AZURE_AUTO=1 RVM_RUBY=ruby-3.1 FLE=helper TOPOLOGY=standalone MONGODB_VERSION=6.0  MONGO_RUBY_DRIVER_AZURE_TENANT_ID="${MONGO_RUBY_DRIVER_AZURE_TENANT_ID}" MONGO_RUBY_DRIVER_AZURE_CLIENT_ID="${MONGO_RUBY_DRIVER_AZURE_CLIENT_ID}" MONGO_RUBY_DRIVER_AZURE_CLIENT_SECRET="${MONGO_RUBY_DRIVER_AZURE_CLIENT_SECRET}" MONGO_RUBY_DRIVER_AZURE_IDENTITY_PLATFORM_ENDPOINT="${MONGO_RUBY_DRIVER_AZURE_IDENTITY_PLATFORM_ENDPOINT}" MONGO_RUBY_DRIVER_AZURE_KEY_VAULT_ENDPOINT="${testazurekms_keyvaultendpoint}" MONGO_RUBY_DRIVER_AZURE_KEY_NAME="${testazurekms_keyname}"  ./.evergreen/run-tests-azure.sh" .evergreen/csfle/azurekms/run-command.sh

  - name: "test-aws-lambda-deployed"
    commands:
      - command: ec2.assume_role
        params:
          role_arn: ${LAMBDA_AWS_ROLE_ARN}
          duration_seconds: 3600
      - command: shell.exec
        type: test
        params:
          working_dir: "src"
          shell: "bash"
          script: |
            ${PREPARE_SHELL}
            export MONGODB_URI=${MONGODB_URI}
            export FUNCTION_NAME="ruby-driver-lambda"
            .evergreen/run-tests-deployed-lambda.sh
          env:
            TEST_LAMBDA_DIRECTORY: ${PROJECT_DIRECTORY}/spec/faas/ruby-sam-app
            AWS_REGION: us-east-1
            PROJECT_DIRECTORY: ${PROJECT_DIRECTORY}
            DRIVERS_TOOLS: ${DRIVERS_TOOLS}
            DRIVERS_ATLAS_PUBLIC_API_KEY: ${DRIVERS_ATLAS_PUBLIC_API_KEY}
            DRIVERS_ATLAS_PRIVATE_API_KEY: ${DRIVERS_ATLAS_PRIVATE_API_KEY}
            DRIVERS_ATLAS_LAMBDA_USER: ${DRIVERS_ATLAS_LAMBDA_USER}
            DRIVERS_ATLAS_LAMBDA_PASSWORD: ${DRIVERS_ATLAS_LAMBDA_PASSWORD}
            DRIVERS_ATLAS_GROUP_ID: ${DRIVERS_ATLAS_GROUP_ID}
            DRIVERS_ATLAS_BASE_URL: ${DRIVERS_ATLAS_BASE_URL}
            AWS_ACCESS_KEY_ID: ${AWS_ACCESS_KEY_ID}
            AWS_SECRET_ACCESS_KEY: ${AWS_SECRET_ACCESS_KEY}
            AWS_SESSION_TOKEN: ${AWS_SESSION_TOKEN}
            LAMBDA_STACK_NAME: "dbx-ruby-lambda"
            CLUSTER_PREFIX: "dbx-ruby-lambda"
            RVM_RUBY: ruby-3.2
            MONGODB_URI: ${MONGODB_URI}
